SSH SSL Supplementary material cs 490 ns-cotter

SSH / SSL Supplementary material cs 490 ns-cotter 1

Secure Shell (SSH) • One of the primary goals of the ARPANET was remote access • Several different connections allowed – rlogin – rcp – rsh • All data was unencrypted – This was a different world than exists today. cs 490 ns-cotter 2

SSH • SSH is a UNIX-based command interface and protocol for securely accessing a remote computer • Suite of four utilities—slogin, ssh, sftp, and scp • Can protect against: – IP spoofing – DNS spoofing – Intercepting information cs 490 ns-cotter 3

SSH Objectives • Protect data sent over the network – Negotiate an encryption algorithm between sender and receiver – Use that algorithm and a session key to encrypt / decrypt data sent • Provide site authentication – Use public key / fingerprint to ensure identity of remote host. – Relies on locally generated keys, so no certifying authority is generally available. cs 490 ns-cotter 4

SSH Graphical Client cs 490 ns-cotter 5

SSH Command Line Client (Linux) cs 490 ns-cotter 6

SSH Communications Using password SSH Client SSH Server SSH 2? SSH 2 Diffie-Helman, etc? Diffie-Helman Send Serv_Pub_Key Serv_Pub_key(S_key) S_key(Uname, pwd) OK OK S_key(data) cs 490 ns-cotter 7

SSH Wire Shark Trace cs 490 ns-cotter 8

SSH Communications Using Public Key • Problems with Password Authentication – – Passwords can be guessed. Default allows multiple attempts against account Only 1 account / password needs to be guessed Alternate approach is to use public / private keys to authenticate user • Public Key Authentication – – Create public / private keypair Ensure that private Upload public key to server user account: ~. ssh/authorized_keys ssh –o Preferred. Authentications=publickey server. example. org

SSH Communications Using Public Key SSH Client SSH Server SSH 2? SSH 2 Diffie-Helman, etc? Diffie-Helman Serv_Pub_key(S_key) Send Serv_Pub_Key OK S_key(Uname) Client_Pub_key(Random) Client_Pri_key(msg) Hash(Random) OK S_key(data) cs 490 ns-cotter

s. FTP in Linux cs 490 ns-cotter 11

SFTP cs 490 ns-cotter 12

SFTP cs 490 ns-cotter 13

SSH Tunneling • Use SSH to create an encrypted channel between remote host and server • Use that encrypted channel to carry other traffic. www access LAN Internet Web Server 192. 168. 1. 10 Local port 12345 cs 490 ns-cotter SSH Tunnel 14

SSH Tunneling ssh –L 12345: 192. 168. 1. 10: 80 –l root homenet. net

SSH Tunneling cs 490 ns-cotter 16

Secure Copy (scp) • Allows encrypted transfer of files between machines • Download files from server: – scp user@server. net: myfile 1. txt – user@server. net’s password: xxxxx • Upload files to server – Scp myfile. txt user@server. net: myfile. txt – user@server. net’s password: xxxxx cs 490 ns-cotter 17

SSH Passwordless Login • On remote client: – Create key pair. Store in. ssh subdirectory • On ssh server: – Modify sshd_config to allow shosts based authentication – Create. shosts file in user’s subdirectory – Copy public key from remote client to. ssh subdirectory/authorized_keys cs 490 ns-cotter 18

SSH Passwordless Login SSH Client SSH Server SSH 2? SSH 2 Diffie-Helman, etc? Diffie-Helman Serv_Pub_key(S_key) Send Serv_Pub_Key OK S_key(Uname) Client_Pub_key(Random) Client_Pri_key(msg) Hash(Random) OK S_key(data) cs 490 ns-cotter 19

Secure. Sockets Layer (SSL) Transport Layer Security (TLS) • Originally developed by Netscape to support encrypted access to web servers. • SSL v 3 released 1996. • Served as the basis for IETF standard TLS (1999) • Used by major financial institutions for secure commerce over the Internet • Early problem with weak keys resolved with longer (128 -bit) keys cs 490 ns-cotter 20

SSL / TLS Application (www) SSL / TLS TCP IP cs 490 ns-cotter 21

SSL/TLS Handshake SSL Client SSL Server Client hello Ciphers I have Server Hello Cipher I choose Server certificate (S_Pub) S_Pub(Session_key) OK Session_key(data) OK cs 490 ns-cotter 22

SSL/TLS Security • Depends on integrity of public key certificate • Public Key Infrastructure (PKI) – Components necessary to securely distribute public keys – Certificate Authorities: Organizations that certify the relationship between a public key and its owner. – Verisign, Thawte cs 490 ns-cotter 23

SSL/TLS Implementations • • SSL v 2 – Still in use SSL v 3 – Most widely deployed TLS v 1 – Starting Deployment Open. SSL – Linux/UNIX toolkit that supports all 3 protocols listed above. • Private Communication Technology (PCT) – Developed by Microsoft – Compatible with SSL v 2 • Versions are not completely compatible cs 490 ns-cotter 24

SSL/TLS Vulnerability • SSL/TLS supports the concept of session renegotiation due to errors, requests, etc. • This feature assumes that the renegotiation is with the original party, and any requests or messages transmitted before the renegotiation are combined (pre-pended) with the requests after renegotiation • This behavior can be abused to allow man-in-the-middle attacks • Demonstrated with https, but the vulnerability exists with any application that uses SSL/TLS

SSL/TLS Vulnerability Client MITM Server TLS handshake session #1 TLS handshake session #2 Trigger renegotiation GET /ebanking/paymemoney. cgi? Acc=LU 0000? amount=1000 Ignore-what-comes-now; X TLS handshake session #1 continued within the encrypted session #2 Client has authenticated session At app layer (with cookie) GET /ebanking/ Cookie: AS 2398648756083745 Server receives: GET /ebanking/paymemoney. cgi? Acc=LU 0000? amount=1000 Ignore-what-comes-now; GET /ebanking/ Cookie: AS 2398648756083745

References • SSH – – SSH Tutorial (http: //www. suso. org/docs/shell/ssh. sdf) www. openssh. org UNIX Secure Shell – Carasik – Mc. Graw-Hill, 1999 SSH Agent Forwarding (unixwiz. net/techtips/ssh-agent-forwarding. html) • SSL – www. open. SSL. org – RFCs – 2246, 3546 – SSL Authentication Gap (SSL Gap) (http: //www. phonefactor. com/sslgap ) – TLS/SSL renegotiation vulnerability explained (http: //www. g-sec. lu/practicaltls. pdf ) cs 490 ns-cotter 27

SSH RFCs • 4250 The Secure Shell (SSH) Protocol Assigned Numbers. – – • 4251 The Secure Shell (SSH) Protocol Architecture. – – • TXT=24728 bytes) M. Bellare, T. Kohno, C. Nampre. January 2006. (Format: TXT=27521 (Status: PROPOSED STANDARD) M. Friedl, N. Provos, W. Simpson. March (Status: PROPOSED STANDARD) 2006. (Format: TXT=18356 bytes) 4716 The Secure Shell (SSH) Public Key File Format – – • F. Cusack, M. Forssen. January 2006. (Format: (Status: PROPOSED STANDARD) bytes) 4419 Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol. – – • TXT=18399 bytes) 4344 The Secure Shell (SSH) Transport Layer Encryption Modes. – – • J. Schlyter, W. Griffin. January 2006. (Format: (Status: PROPOSED STANDARD) 4256 Generic Message Exchange Authentication for the Secure Shell Protocol (SSH). – – • T. Ylonen, C. Lonvick, Ed. . January 2006. (Format: TXT=50338 bytes) (Status: PROPOSED STANDARD) 4255 Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints. – – • T. Ylonen, C. Lonvick, Ed. . January 2006. (Format: TXT=68263 bytes) (Status: PROPOSED STANDARD) 4254 The Secure Shell (SSH) Connection Protocol. – – • T. Ylonen, C. Lonvick, Ed. . January 2006. (Format: TXT=34268 bytes) (Status: PROPOSED STANDARD) 4253 The Secure Shell (SSH) Transport Layer Protocol. – – • T. Ylonen, C. Lonvick, Ed. . January 2006. (Format: TXT=71750 bytes) (Status: PROPOSED STANDARD) 4252 The Secure Shell (SSH) Authentication Protocol. – – • S. Lehtinen, C. Lonvick, Ed. . January 2006. (Format: TXT=44010 bytes) (Status: PROPOSED STANDARD) . J. Galbraith, R. Thayer. November 2006. (Format: TXT=18395 bytes) (Status: INFORMATIONAL) 4819 Secure Shell Public Key Subsystem. – – J. Galbraith, J. Van Dyke, J. Bright. March 2007. (Format: TXT=32794 bytes) (Status: PROPOSED STANDARD)

Summary • SSH – – Supports secure remote access to hosts SSH – secure shell SCP – secure copy SFTP – secure file transfer • SSL – Provides a framework for incorporating secure communications into applications – Uses strong cryptography – Can rely on PKI for reliable sharing of public keys cs 490 ns-cotter 29